Dee-Ann and Robert LeBlanc conclude their series on weeding out the spam in your users' inboxes with this comprehensive look at the tools and tricks Windows mail administrators can use to get their incoming mail services back under control.

In parts I through III of this series, we looked at the problems mail users
(and their administrators) face due to spam, and techniques available to mail
administrators to help in dealing with this continually growing threat. Now we
can finally look at the tools and tricks Windows mail administrators can use to
get their incoming mail services back under control. These items can be sorted
into three basic categories: Microsoft Exchange tricks, add-on software tools,
and a new class of Internet appliances.

Tweaking Your Exchange and DNS Servers

Which spam-fighting features your Exchange server supports depends on what
version of Exchange you're running. Exchange 2003 supports both DNS block
lists (DNSBLs) and blocking email sent to invalid accounts, without needing any
external tools to handle these features. Older versions of Exchange don't
support these features without external add-on software. You can change these
settings with the Exchange Server System Messenger:

For DNSBLs, select Global Settings, Message Delivery, Properties,
Connection Filtering and use the Help information if needed to complete the
setup.

Your Microsoft DNS server also offers at least one aspect of SPF support, as
discussed in part I of this series. In both the Microsoft Domain Name Server
2000 and 2003, you can add a text field, which allows you to create an SPF
record that other people's servers can check against. Setting this value will
at least make it easier for your mail to reach others, as SPF gains ground in
the mail transit world. To add this field, open Administrative Tools, DNS
Console. Open the zone in which you want to add the SPF record, select Other
New Records, and choose Text (TXT) from the type list.

This is the most basic form of a useful SPF record:

example.com. TXT "v=spf1 mx -all"

where example.com. represents your domain and extension (note the
period [.] at the end, which is required), and the remainder says that
only the machines matching your MX records are allowed to send mail from your
domain. Mail that claims to be from your domain but comes from any other
machine is then refused by mail servers that are configured to use SPF
records. For more on SPF syntax, see http://spf.pobox.com/dns.html.
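How a receiving server applies this record can be sketched as follows. This is an added example, not code from the article or from any Microsoft product. The zone data, host names and addresses are constructed, and only the mx, a, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed sample zone data (documentation addresses), standing in for live DNS.
ZONE = {
    "TXT": {"example.com.": "v=spf1 mx -all"},
    "MX": {"example.com.": ["mail.example.com."]},
    "A": {
        "example.com.": ["192.0.2.5"],
        "mail.example.com.": ["192.0.2.10"],
        "desktop17.example.com.": ["192.0.2.77"],
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def mechanism_matches(name, arg, domain, ip, zone):
    """Return True when the connecting IP satisfies one SPF mechanism."""
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    target = (arg or domain).rstrip(".") + "."  # zone keys are fully qualified
    if name == "a":
        hosts = [target]
    elif name == "mx":
        hosts = zone["MX"].get(target, [])
    else:
        raise ValueError(f"mechanism not handled in this sketch: {name}")
    addrs = (a for h in hosts for a in zone["A"].get(h, []))
    return any(ip == ipaddress.ip_address(a) for a in addrs)


def check_spf(sender_domain, client_ip, zone=ZONE):
    """Evaluate the sender domain's SPF record against the connecting IP."""
    record = zone["TXT"].get(sender_domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:  # terms are tried left to right; first match decides
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if mechanism_matches(name, arg, sender_domain, ip, zone):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

With the record above, the MX host passes, while a desktop on the same domain, or even the address the bare domain name resolves to, fails, so any machine that legitimately sends mail must be covered by a mechanism before -all is published.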

NOTE

Microsoft Exchange doesn't yet support SPF as a spam-defense tool, but
at least you can prevent your hosts from being used as spam generators by adding
the DNS entries.